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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
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5) D Claim(s) is/are allowed. 

6) H Claim(s) 1-21 is/are rejected. 
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8) D Claim(s) are subject to restriction and/or election requirement. 
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DETAILED ACTION 



Specification 

1 . The disclosure is objected to because of the following informalities: 

• On page 14, line 4, reference number 206 should be 306. 

• On page 14, line 5, reference number 206 should be 308. 

Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 1 50 words. It is important that 
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said," should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns," "The disclosure defined by this invention," "The disclosure 
describes," etc. 

With regards to the abstract, the length exceeds 150 words. Please modify the abstract 
to be within the set limits. 

Appropriate correction is required. 



Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 
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3. Claims 16 and 17 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Spies et al. (U.S. Patent No. 5,689,565). 

Regarding claim 16 . Spies et al. teaches a computer-readable medium having 
stored thereon a data structure, comprising: 

• A first data field containing data representing a data length identifier and a tag 
type (fig. 9, ref. num 142); and 

• A second data field containing configuration data of said tag type and having a 
length described by said data length identifier (fig. 9, ref. num 144). 

Regarding claim 17 . Spies et al. teaches wherein said data structure further 
comprises a plurality of additional data structures comprising one of said first data field 
and one of said second data field for a plurality of tags (col. 15, lines 63-67). 



4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1-7 and 12-15 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shrader et al. (U.S. Patent No. 6,374,359) in view of Quimby (U.S. Patent No. 



Claim Rejections - 35 USC § 103 



5,367,573), and further in view of Hardy etal. (U.S. Patent No. 5,623,546). 
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Regarding claims 1, 12, and 14 . Shrader et al. teaches a method/computer- 
readable medium/computer-controlled apparatus for storing session data on a client 
computer, comprising: 

• Encrypting said encoded configuration data using an encryption key to create 
encrypted encoded configuration data (fig. 4, ref. num 82); 

• Concatenating a secret, a length of the secret, and a length of the length of the 
secret with said encrypted encoded configuration data to form a session cookie 
(col. 7, lines 16-21 , the secret is the password and the note of using other 
validation values suggests supplying the length of a field for verifying if the data 
has been changed. The act of supplying the length of the length of a field only 
adds more validation, therefore the extra validation fields are obvious); and 

• Transmitting said session cookie to said client computer (fig. 3, ref. num 62). 

Shrader et al. does not teach encoding said session data in a tag-length-value 
format to create encoded configuration data, or that the encryption key is modified. 

Quimbv teaches encoding said session data in a tag-length-value format to 
create encoded configuration data (col. 2, lines 56-67). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine encoding session data in a tag-length-value format, as 
taught by Quimbv . with the method of Shrader et al. It would have been obvious to 



• 
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combine encoding session data in a tag-length-value format, as taught by Quimbv . with 
the method of Shrader et al. because the TLV format allows an arbitrary number of 
fields of arbitrary length to be encoded (see col. 3, lines 59-62 of Quimby). 

Shrader et al. as modified by Quimbv still does not teach that the encryption key 
is a modified encryption key. 

Hardy et al. teaches the encryption key is a modified encryption key (fig. 2). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine using a modified encryption key, as taught by Hardy et 
aL, with the method of Shrader et al. as modified by Quimbv. It would have been 
obvious to combine using a modified encryption key, as taught by Hardy et al. , with the 
method of Shrader et al. as modified by Quimbv because the modified encryption key 
allows the transfer of data between devices without the use of secure lines (see col. 2, 
lines 38-54 of Hardy et al.). 

Regarding claims 2, 13, and 15 , the combination of Shrader et al. as modified by 
Quimbv and Hardy et al. teaches wherein said modified encryption key comprises a 
standard encryption key with said secret inserted at a predefined location (see fig. 2 of 
Hardy et al.). 



• 



Application/Control Number: 09/650,104 Page 6 

Art Unit: 2136 

Regarding claim 3 . the combination of Shrader et al. as modified by Quimbv and 
Hardy et al. teaches wherein said modified encryption key further comprises a time 
stamp indicating a time at which said modified encryption key is created (see col. 3 t 
lines 34-53 of Quimby). 

Regarding claim 4 , the combination of Shrader et al. as modified by Quimbv and 
Hardy et al. teaches further comprising: 

• Requesting said session cookie from said client computer (see fig. 5, ref. num 90 
of Shrader et al.); 

• Receiving said session cookie from said client computer (see fig. 5, ref. num 90 
of Shrader et al.); 

• Extracting said secret from said session cookie (see fig. 5, ref. num 98 of 
Shrader et al.); 

• Creating said modified encryption key by inserting said secret extracted from said 
session cookie into said standard encryption key at said predefined location (see 
fig. 3 and col. 6, lines 18-36 of Hardy et al.); and 

• Decrypting said session data from said cookie using said modified encryption key 
(see fig. 5, ref. num 94 of Shrader et al.). 

Regarding claim 5 , the combination of Shrader et al. as modified by Quimbv and 
Hardy et al. teaches further comprising: 

• Decoding a tag from said session data (see fig. 5, ref. num 92 of Shrader et al.); 
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• Determining whether said tag comprises a valid tag (see fig. 5, ref. num 96 and 
98 of Shrader et al); and 

• In response to determining that said tag comprises a valid tag, configuring said 
server using data contained in said tag (see fig. 5, ref. num 100 of Shrader et al.). 

Regarding claim 6 . the combination of Shrader et al. as modified by Quimbv and 
Hardy et al. teaches further comprising: 

• In response to determining that said tag does not comprise a valid tag, 
determining whether additional tags remain to be decoded from said encoded 
configuration data (see fig. 5, ERROR of Shrader et al.); and 

• In response to determining that additional tags remain to be decoded, decoding a 
next tag and determining whether said next tag comprises a valid tag (see fig. 5, 
ref. num 92, 96, and 98 of Shrader et al.). 

Because the Shrader et al. reference was modified by the Quimby reference to 
include TLV, the decoding step of Shrader et al. will now decode multiple tags, instead 
of just the one cookie as displayed in the Shrader et al. reference. The modification 
demands the steps of processing every set of tag-length-value parameter that belongs 
to the entire session data. This means instead of producing ERROR, as shown in figure 
5 of Shrader et al., the modification now checks the next set of TLV values. 
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Regarding claim 7 . the combination of Shraderet al. as modified by Quimbv and 
Hardv et al. teaches further comprising: in response to determining that said next tag 
comprises a valid tag, configuring said server using data contained in said next tag (see 
fig. 5, ref. num 100 of Shrader et al.). 

Claims 8-1 1 are rejected. under 35 U.S.C. 103(a) as being unpatentable over 
Shrader et al. (U.S. PN '359) as modified by Quimbv (U.S. PN '573) and Hardv et al. 
(U.S. PN '546), and further in view of Becker et al. (U.S. Patent No. 6,557,038). 

Regarding claim 8 . the combination of Shrader et al. as modified by Quimbv and 
Hardv etal. teaches all the limitations of claims 1-7 above. However, the combination 
of Shrader et al. as modified by Quimbv and Hardv et al. does not teach further 
comprising: in response to determining that additional tags do not remain to be 
decoded, periodically authenticating said session cookie. 

Becker et al. teaches further comprising: in response to determining that 
additional tags do not remain to be decoded, periodically authenticating said session 
cookie (fig. 12). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine periodically authenticating said session cookie if 
additional tags do not remain, as taught by Becker et al. . with the method of Shrader et 



Application/Control Number: 09/650,104 Page 9 

Art Unit: 2136 

ah as modified by Quimbv and Hardy et al. It would have been obvious to combine 
periodically authenticating said session cookie if additional tags do not remain, as 
taught by Becker et al. . with the method of Shrader et al. as modified by Quimbv and 
Hardv et al. because the periodic authentication would enable the user to remain 
connected to the server. This would allow the user to not have to login repeatedly and 
also keep other third parties from accessing the data that was transferred between the 
user and the server. 

Regarding claim 9 . the combination of Shrader et al. as modified by Quimbv and 
Hardv et al. . and further in view of Becker et al. teaches wherein periodically 
authenticating said session cookie comprises: 

• Starting a session timer (see fig. 12, ref. num 1202 of Becker et al.); 

• Determining whether said session timer has elapsed (see fig. 12, ref. num 1204 
of Becker et al.); and 

• In response to determining that said session timer has elapsed (see fig. 12, ref. 
num 1206 of Becker et al.), 

o Requesting said session cookie from said client computer (see fig. 5, ref. 

num 90 of Shrader et al.), 
o Decrypting and decoding a tag contained in said session cookie (see fig. 

5, ref. num 92 and 94 of Shrader et al.), and 
o Determining whether said tag comprises a valid tag (see fig. 5, ref. num 96 

and 98 of Shrader et al.). 
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Regarding claim 10 . the combination of Shrader et al. as modified bv Quimbv 
and Hardv et al. . and further in view of Becker et al. teaches further comprising: 
• In response to determining that said tag comprises a valid tag, 

o Generating a new session cookie (see fig. 4, ref. num 80 of Shrader et 
al.), 

o Transmitting said new session cookie to said client computer (see fig. 3, 

ref. num 62 of Shrader et al.), and 
o Resetting said session timer (see fig. 1 1 , ref. num 1 104 of Becker et al.). 

Regarding claim 11 . the combination of Shrader et al. as modified bv Quimbv 
and Hardv et al. . and further in view of Becker et al. teaches further comprising: in 
response to determining that said tag does not comprise a valid tag, ending a 
communications session between said server computer and said client computer (see 
fig. 10, ref. num 1004 of Becker et al.). 

Claims 18-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Spies et al. (U.S. Patent No. 5,689,565). 

Regarding claim 18 . Spies et al. teaches wherein said data length identifier 
comprises the first two bits of said first data field (col. 16, lines 6-7). 

It would have been obvious to change the 'fixed-size' field from 32-bit to 2-bit, or 
any other size, as long as the field data remained fixed. 
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Regarding claim 19 , Spies et al. teaches wherein said data length identifier 
comprises data indicating that the length of said second data field is one byte (col. 16, 
lines 10-14). 

Regarding claim 20 , Spies et al. teaches wherein said data length identifier 
comprises data indicating that the length of said second data field is four bytes (col. 16, 
lines 10-14). 

Regarding claim 21 . Spies et al. teaches wherein said data length identifier 
comprises data indicating that said tag type comprises an extended tag type (col. 16, 
lines 10-14). 

It would have been obvious to indicate the length of the second data field is one 
byte or four bytes. Spies et al. teaches that the field is variable (meaning it can be 
different, i.e., one byte or four bytes) and that it is an exact byte count of the data 
contained in the value field. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon Hoffman whose telephone number is 703-305- 
4662. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is (703) 872-9306. 
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Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305- 
3900. 



BH 

3/17/04 
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